package com.cskaoyan.config;

import com.cskaoyan.bean.vo.admin.auth.CustomRealm;
import com.cskaoyan.bean.vo.admin.auth.CustomShiroSessionManager;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.Arrays;
import java.util.LinkedHashMap;

/**
 * Created with IntelliJ IDEA.
 *
 * @Author: bwj
 * @Date: 2022/09/07/21:00
 * @Description: shiro安全框架配置
 */
@Configuration
public class ShiroConfiguration {

    //注册shiroFilter
    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager){
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        //map中key对应url,value对应filter名称（anon,authc,perms）
        filterChainDefinitionMap.put("/admin/auth/login","anon");
        filterChainDefinitionMap.put("/admin/auth/logout","anon");
        filterChainDefinitionMap.put("/wx/auth/login","anon");
        filterChainDefinitionMap.put("/wx/auth/logout","anon");
        filterChainDefinitionMap.put("/admin/auth/unauthc","anon");
//        filterChainDefinitionMap.put("/admin/auth/login","anon");
        filterChainDefinitionMap.put("/admin/**","authc");
//        filterChainDefinitionMap.put("/wx/**","authc");
        //认证，如果认证不通过，会重定向到其他地址，自定义地址
//        filterChainDefinitionMap.put("/admin/brand/list","perms");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
        //重定向
        shiroFilterFactoryBean.setLoginUrl("/admin/auth/unauthc");
        return shiroFilterFactoryBean;
    }

    //注册securityManager
    @Bean
    public DefaultWebSecurityManager securityManager(CustomRealm customRealm, CustomShiroSessionManager customShiroSessionManager){
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        // 设置认证器，如果没有设置，则采用默认的认证器 → ModularRealmAuthenticator
        // 多账号管理体系 → 设置自定义的认证器
        //securityManager.setAuthenticator();
        // 设置授权器，如果没有设置，则采用默认的授权器 → ModularRealmAuthorizer
        //securityManager.setAuthorizer();
        // 给SecurityManager设置Realm信息 → 给默认的认证器和授权器设置Realm信息
        securityManager.setRealms(Arrays.asList(customRealm));
        securityManager.setSessionManager(customShiroSessionManager);
        return securityManager;
    }

    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager securityManager) {
        AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        authorizationAttributeSourceAdvisor.setSecurityManager(securityManager);
        return authorizationAttributeSourceAdvisor;
    }
}
